California Attorney General Issues Guidance on App Security

Mobile endpoint security has often been a process of trial and error, as there have been many holes left in applications and websites that people use on their smartphones and tablets, but California Attorney General Kamala Harris is beginning a campaign to help make privacy protection a leading priority across the mobile world, according to the Los Angeles Times.

A new 22-page report, entitled "Privacy on the Go: Recommendations for the Mobile Ecosystem," could have national implications. The newspaper said state and federal authorities have not been doing a good job keeping up with the quickly advancing world of mobile technology, so this could be a big step toward helping businesses and consumers get some added security in this increasingly interconnected cyber world. Ryan Calo, assistant professor at the University of Washington School of Law, pondered California law becoming the national law of the land and the source added that having a mobile policy may become necessary, with more people carrying devices now than ever before.

While Harris does not have the authority to write new rules for mobile apps, she is interpreting 2004 state laws that require online services collecting personal information from consumers to have privacy policies in place, the Times said.

"In California, we have some of the strongest consumer protection laws in the country," Harris said, according to the newspaper. "While it is easy to conceive of innovation and regulation as mutually exclusive, California is proof that we can do both. We can innovate responsibly."

The Los Angeles Times points out that this effort from Harris is mirroring one by the federal government as well, which asked the National Telecommunications and Information Administration, a division of the Commerce Department, to get advocacy groups to put together a consumer bill of rights. However, this effort has been slowed by fighting in these groups, the source said.

Expectations From the Report
For app developers, the report said there are some expectations that must be met. These include:

– Making a data checklist to make sure all information that could be collected is kept track of
– Limiting collection of data that could be able to personally identify a person
– Having a clear privacy policy displayed prior to download
– Using enhanced measures to make sure users are aware of the privacy policy and know they are being protected